[dnsext] Protocol Action: 'Applicability Statement: DNS Security (DNSSEC) DNSKEY Algorithm Implementation Status' to Best Current Practice (draft-ietf-dnsext-dnssec-algo-imp-status-04.txt)

The IESG <iesg-secretary@ietf.org> Wed, 13 March 2013 15:05 UTC


The IESG has approved the following document:
- 'Applicability Statement: DNS Security (DNSSEC) DNSKEY Algorithm
   Implementation Status'
  (draft-ietf-dnsext-dnssec-algo-imp-status-04.txt) as Best Current
  Practice

This document is the product of the DNS Extensions Working Group.

The IESG contact persons are Ralph Droms and Brian Haberman.

A URL of this Internet Draft is:
http://datatracker.ietf.org/doc/draft-ietf-dnsext-dnssec-algo-imp-status/




Technical Summary 

  The DNS Security Extensions (DNSSEC) requires the use of 
  cryptographic algorithm suites for generating digital signatures 
  over DNS data.  There is currently an IANA registry for these 
  algorithms that lacks the recommended implementation status of 
  each algorithm.  This document provides an applicability statement 
  on algorithm implementation status for DNSSEC component software. 
  This document lists each algorithm's status based on the current 
  reference.  In the case that an algorithm is specified without an 
  implementation status, this document assigns one.  The document 
  updates RFCs 2536, 2539, 3110, 4034, 4398, 5155, 5702, and 5933. 

Working Group Summary 

    The intended effect of this draft was originally captured in 
    draft-ietf-dnsext-dnssec-registry-fixes-08, which made a novel and 
    controversial use of the IANA registry.  That approach was too 
    controversial, and so the WG split the document into two parts. 
    This draft is one of them. 

    The present approach was far less controversial than the previous 
    one, and nobody has raised any objection to the current text. 

Document Quality 

    The draft does not specify a protocol of any kind, but it does 
    make a recommendation in favour of some algorithms that are so far 
    not widely deployed.  

    The discussion of dnssec-registry-fixes led to the approach 
    instantiated in this draft.  

Personnel 

    Andrew Sullivan is the Document Shepherd, and Ralph Droms is the 
    Responsible Area Director. 


RFC Editor Note

Please make the following two changes:

In section 2.2:

OLD:

2.2.  Algorithm Implementation Status Assignment Rationale

   The status of RSASHA1-NSEC3-SHA1 is set to Recommended to Implement
   as many deployments use NSEC3.  The status of RSA/SHA-256 and RSA/

NEW:

2.2.  Algorithm Implementation Status Assignment Rationale

   RSASHA1 has an implementation status of Must Implement, consistent
   with [RFC4034].  RSAMD5 has an implementation status of Must Not
   Implement because of known weaknesses in MD5.

   The status of RSASHA1-NSEC3-SHA1 is set to Recommended to Implement
   as many deployments use NSEC3.  The status of RSA/SHA-256 and RSA/

END

In the IANA considerations:

OLD:

   Because this document establishes the implementation status of every
   algorithm, it should be listed as a reference for the entire
   registry.

NEW:

  Because this document establishes the implementation
  status of every algorithm, it should be listed as a reference for
  the registry itself (leaving in place the individual entries for the
  algorithms referring to the documents that specify them).

END